Overview

overview

10

Static

static

1

814e4e665c...c8.exe

windows7-x64

10

814e4e665c...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    814e4e665cbfbb465b3a779f790155c8

  • Size

    7.3MB

  • Sample

    240130-bbhhqafghp

  • MD5

    814e4e665cbfbb465b3a779f790155c8

  • SHA1

    d4dd6edb535396bdfe4d1c21af4f9ea2a1ef3111

  • SHA256

    561a27e811aa3a61afc77e1b4497c1d33aca7afd1adca5edbe4b5efa5bc38cd0

  • SHA512

    0eced049e36574fcca36b09b75d59e85d1698ae2dbbf045e32205fbdb1b7bca1cc02776e0fce4f27e2fc166c8d966b2379f7ce5ab0c0aa1ebfe51df2f238eefb

  • SSDEEP

    196608:6PGZKb8ENPo31FLd33n5D0U79EcnSPcoBXSciwxiRfDEC7:joNQFFLxGyKMGCcbsj7

Score
10/10
babadedacrypterdiscoveryloaderupx

Malware Config

Targets

    • Target

      814e4e665cbfbb465b3a779f790155c8

    • Size

      7.3MB

    • MD5

      814e4e665cbfbb465b3a779f790155c8

    • SHA1

      d4dd6edb535396bdfe4d1c21af4f9ea2a1ef3111

    • SHA256

      561a27e811aa3a61afc77e1b4497c1d33aca7afd1adca5edbe4b5efa5bc38cd0

    • SHA512

      0eced049e36574fcca36b09b75d59e85d1698ae2dbbf045e32205fbdb1b7bca1cc02776e0fce4f27e2fc166c8d966b2379f7ce5ab0c0aa1ebfe51df2f238eefb

    • SSDEEP

      196608:6PGZKb8ENPo31FLd33n5D0U79EcnSPcoBXSciwxiRfDEC7:joNQFFLxGyKMGCcbsj7

    Score
    10/10
    babadedacrypterdiscoveryloaderupx

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

      loadercrypterbabadeda

    • Babadeda Crypter

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks